Lucene search
Veracode Vulnerability DatabaseVERACODE:7587HistoryOct 10, 2018 - 3:04 a.m.
Denial Of Service (DoS)
2018-10-1003:04:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
EPSS
0.012
Percentile
85.6%
tika-core is vulnerable to denial of service. Entity expansion limits are not properly enforced for XML parsing which allows remote attackers to cause a denial of service condition via specially crafted XML input.
References
www.securityfocus.com/bid/105585
github.com/apache/tika/commit/148adec1016acc122fa5e972f75d7029376998d9
github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
security.netapp.com/advisory/ntap-20190903-0002/
Related
openvas
openvas
Apache Tika Server XML Entity Expansion Denial of Service Vulnerability
2018-09-27 00:00:00
prion
prion
Code injection
2018-10-09 22:29:00
github
github
cvelist
cvelist
CVE-2018-11796
2018-10-09 22:00:00
osv
osv
CVE-2018-11796
2018-10-09 22:29:00
ubuntucve
ubuntucve
CVE-2018-11796
2018-10-09 00:00:00
debiancve
debiancve
CVE-2018-11796
2018-10-09 22:29:00
cve
cve
CVE-2018-11796
2018-10-09 22:29:00
redhatcve
redhatcve
CVE-2018-11796
2018-10-15 07:28:22
nvd
nvd
CVE-2018-11796
2018-10-09 22:29:00
ibm
ibm
redhat
redhat
(RHSA-2019:3892) Important: Red Hat Fuse 7.5.0 security update
2019-11-14 21:15:16